General
-
Target
Swift. pasha bank. 10152021.exe
-
Size
751KB
-
Sample
211015-t2pzlabbe2
-
MD5
2bd73a6b3cf01146aa8f73729311a11a
-
SHA1
dd5695151b4e269f42cdc0ecf50a27fc144af025
-
SHA256
c60a64f8910005f98f6cd8c5787e4fe8c6580751a43bdbbd6a14af1ef6999b8f
-
SHA512
e04b457287aabce6022167d1fa1e7ea3e33d5bc549d749ff12745748505768747a360e2296c28ccad7b1102a7670467ac49ebe0476378ce672d4fd2cc5cf1b8b
Static task
static1
Behavioral task
behavioral1
Sample
Swift. pasha bank. 10152021.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
pvxz
http://www.finetipster.com/pvxz/
imt-token.club
abravewayocen.online
shcloudcar.com
mshoppingworld.online
ncgf08.xyz
stuinfo.xyz
wesavetheplanetofficial.com
tourbox.xyz
believeinyourselftraining.com
jsboyat.com
aaeconomy.info
9etmorea.info
purosepeti7.com
goticketly.com
pinkmemorypt.com
mylifewellnesscentre.com
iridina.online
petrestore.online
neema.xyz
novelfooditalia.com
enterprisedaas.computer
tzkaxh.com
brainfarter.com
youniquegal.com
piiqrio.com
mdaszb.com
boldmale.com
era636.com
castleinsuranceco.com
woodennickelmusicfortwayne.com
customer-servis-kredivo.com
high-clicks.com
greetwithgadgets.com
hfsd1.com
insureagainstearthquakes.net
ultimatejump.rest
parivartanyogeshstore.com
handmanagementblog.com
meishangtianhua.com
michaelscottinsurance.net
kershoes.com
atomiccharmworks.com
conciergecompare.com
zeal-hashima.com
coachianscott.com
hwkm.net
019skz.xyz
jardingenesis.com
sumikkoremon.com
tjpengyun.com
sectionpor.xyz
46t.xyz
sa-pontianak.com
localproperty.team
dotexposed.com
cis136-tgarza.com
eiestilo.com
youknowhowtolive.com
phalcosnusa.com
qaticv93iy.com
hbjngs.com
ocean-nettoyage.com
jenuwinclothes.net
anadoluatvoffroad.com
Targets
-
-
Target
Swift. pasha bank. 10152021.exe
-
Size
751KB
-
MD5
2bd73a6b3cf01146aa8f73729311a11a
-
SHA1
dd5695151b4e269f42cdc0ecf50a27fc144af025
-
SHA256
c60a64f8910005f98f6cd8c5787e4fe8c6580751a43bdbbd6a14af1ef6999b8f
-
SHA512
e04b457287aabce6022167d1fa1e7ea3e33d5bc549d749ff12745748505768747a360e2296c28ccad7b1102a7670467ac49ebe0476378ce672d4fd2cc5cf1b8b
-
Xloader Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-